root on ports

Fabio Fracassi f.fracassi at gmx.net
Fri Feb 16 13:24:50 PST 2001


On Friday 16 February 2001 09:50, you wrote:
> On Thursday 15 February 2001 22:25, you wrote:
> > On Thursday 15 February 2001 16:06, Fabio Fracassi wrote:
> > > but anyone with read access to the profile can still take the encrypted
> > > password to get root access! Or not?
> >
> > That is correct. If you keep the profile with the password, but put "rm
> > -rf /" instead of everything else, you just killed the whole system.
> >
> > Maybe the password would need to be asked by the frontend to the user
> > before starting, and then kept somewhere safe? Of course, if the building
> > is killed, fails, is terminated, or simply ends, there should be no way
> > of finding that password.
>
> <rant mode>
>
> Ok first off, Why would we use SSH with ALFS? It's not in this
> email, but why? Why make SSH a requirement for network ALFS?
> This is not right, even if SSH does have things like ssh-agent.

Granted, that is a contra point for this technique.

> Ok second of all, everyone keeps talking about man in the middle attacks,
> where you are intercepting and changing the profile to do evil deads....
>
[Pruposed prociding]

This doesn't realy help against man in the middle attacks, for that you need a
RSA -Style asymetric encryption. You can either use existing programms for 
that (like SSH or SSL), or implement it yourself, which is pretty hard.
What you proposed in your example is very close to what ssh-agent does,
and, knowing the complexity of Cryptography and Security, i'd rather leave 
this part of coding to experts.


> What I am getting @ though, is this is all alfs_app designer stuff. Not
> ALFS.pm stuff. ALFS.pm should rely on simple techniques there I believe
> to accomplish it's goal of getting <make_install user="root"> to run......

Granted, it should be as simple as it could possibly be, and I am personally 
not realy concerned about security, but since ALFS has the potential to be an 
option for High Security Installations, I rather like to see this thougth of 
from the beginning on.

> If you wanted to build your alfs_app to require ssh for all of this, that
> should be the alfs_app desire, not a requirement of alfs.....

Would you give me the exact differece between alfs_app and alfs.pm?
(you dont mean frontend<->backend, do you?)
Whatever, a chain is only as strong as its weakest part.

Fabio








More information about the alfs-discuss mailing list